1
From a Windows computer I logged into My Mac after updating it to Lion. I have noticed that I am able to access all files on the Mac (including /dev /usr etc)
Is there a way to deny such access?
Lea Hayes
Posted 2012-06-13T16:40:08.760
Reputation: 160
0
If you want a file to only be accessible by one user, you use: chown user foldername to assign that folder to that owner, then restrict access using the chmod 700 foldername command. Of course, you can achieve a lot of this by calling up a file's info and just setting it so that other people no longer have access to it under the privileges tab. I once had a folder that I assigned a chmod 000 (meaning nobody could access it, not even the user) and then used su (super-user) commands to bring it up if I needed it. Another option is to use chown root filename after locking down all the privs, so that you'll have to chown it back to your own username to use it.
The vital thing is to make sure that no-body else has administrator privileges, as they will be able to access anything from anywhere, as long as they know the right commands.
You can also keep a file in your root directory hidden by adding its name to the /.hidden file. Then, you can call it up with Apple-~ in Finder, enter its name, and Voila! Make sure you clear this out afterward, as someone might stumble across it.
And be careful. If you're not sure what I just said means, just stick to using the privs menu in the file-info box, and make sure no-one else has Admin access.
Brian McCarthy
Posted 2012-06-13T16:40:08.760
Reputation: 182
0
Check your System Preferences » Sharing. It could be that you have your Macintosh HD shared, which would expose its root filesystem, e.g. /dev, /usr et cetera.
There's no other possible reason for your whole file system being shared I can think of.
slhck
Posted 2012-06-13T16:40:08.760
Reputation: 182 472
According to system sharing preferences only my public directory is being shared. Running smbclient from terminal => smbclient: command not found – Lea Hayes – 2012-06-13T21:28:20.773
Ah, Lion doesn't have that command anymore, sorry. Which credentials do you use from Windows to log in on your Mac? How are these folders presented in Windows Explorer? Which shares are available in Windows? "Macintosh HD", or are they called something else? Maybe you can edit your question and add a few details. – slhck – 2012-06-13T21:51:15.307
I logged in using my regular Mac user name and password (which was setup when I first setup my Mac before Lion). On Windows I see "Macintosh HD", "Mac User's Public Folder" and "macuser" folders. Before updating to Lion I could only see "Mac User's Public Folder" – Lea Hayes – 2012-06-14T23:15:50.997
That's not advisable if the whole root of the file system is exposed since you can't just go ahead and
chmodsystem files like you want. There are certainly methods to hide files in the user's own home directory, like you said, but that's not the solution if suddenly the whole filesystem is shared as-is. – slhck – 2012-06-13T19:55:54.860